Knowledge Base

Spoofed emails receive signatures in the CodeTwo Exchange Rules family of products

Problem:

You receive emails sent by an external sender in an attempt to impersonate a user inside your organization. As a result of this spoofing attempt, they are processed by CodeTwo Exchange Rules and receive signatures and/or disclaimers identically to authentic emails.

Solution:

The problem occurs because software belonging to the CodeTwo Exchange Rules family of products processes messages based on the information available in the header of an email. If the sender has been impersonated (i.e. the original sender was changed to an internal sender), a spoofed email is identified as an internal message and receives a signature if it meets the conditions set in the program. Unintentionally, this can make a spoofing attempt more convincing.

Unfortunately, it is not possible to configure CodeTwo Exchange Rules so that it is able to distinguish such attempts from genuine internal communications.

However, you can configure an SPF record in your Exchange environment which will only allow senders from specific authorized IP addresses in your organization to send emails from your domain. A step-by-step guide on how to do this is available on our blog. When you configure an SPF record to limit the possible sender IP addresses, emails sent from addresses that are not listed will not be processed by Exchange and CodeTwo Exchange Rules.

See also: